"This prompted us to move towards a pay setup where we have someone who we can call up and yell at and also make feature requests that, if reasonable, get put in within a year time frame. I wouldn't expect that from FOSS unless I had my own developers actively writing and contributing to the project."
You know you can get on someone to yell at or ask reasonable feature requests to with OTRS, don't you? (http://www.otrs.com/en/support/).
"Well, the trademark lawsuit wasn't actually a nice thing."
No, it wasn't, but looking at the whole context I'll ballance on the side of Red Hat: that they did it in order to protect their trade mark against other, more aggressive, possible attacks (they -said, didn't want for "red hat" to seem some kind of "generic term" others could abuse). In the other hand AFAIK it wasn't a lawsuit but a direct agreement between Red Hat and (CentOS/White Tiger). Thinking about it, probably they may KO Centos if they indeed would go for a lawsuit instead of first trying to find an agreement.
"I doubt that MS would change anything. They'd probably rather keep paying fines while ignoring the EU ruling."
What for? If it makes more economical sense to pay the fines than comply, then they probably will do so. If it's better to comply than to pay, then they will comply.
And probably Microsft, sooner or later, will find it makes a better bet to comply than not.
What they probably won't do if they comply is offer Firefox alongside Internet Explorer. What for? Microsoft hardly have weapons to fight against copyleft opensource. Why they would allow "the enemy on their home", so to say, when they can comply on a cheap and controllable way offering Opera, for instance? They already know how to deal with other closed source companies to their advantage, don't they?
"... Err, what? Shell scripts are used all the time. Even upstart services are still often written as shell scripts. Really, why all the anti-shell hostility around here?"
Err... did I say nothing against shell scripts, uh?
I talked about *Bash* scripts. Init scripts should be standard shell, not Bash, as per the single unix specification. Any init script using Bash should be considered a bug but for very few exceptions.
Oh! and by the way... *All* "upstart services" must be written as shell scripts, not just "oftenly".
"I'm starting to wonder if swap is just another obsolete solution to a problem that no longer exists for most real-world users."
No, it is not. It's simply that swap was never aimed as a solution for a *desktop* use profile. I manage servers that are happily using twice as much swap as RAM (not that so much swap is configured but that it is in fact used): they are used mostly for processes using lots of (more or less) short pieces of data. Of course I'd could pay for all that much RAM but one of them has already 16GB so another 32GB wouldn't be exactly cheap (now that I think of it, this model won't support but only 32GB grand total anyway).
If you need all that that *now* and all at the same time (more or less typical for a desktop user or a "single app" server) you probably don't want to hit the swap (but you didn't want it fifteen years ago either; it was only that you couldn't afford more RAM). When you only need the data to stay somehow "near" or your system is heavily multitasking but not interactively (batch processing, for instance) then yes, swap is still the answer.
I know what you mean and, for most part, I'll stay on my position.
"Having a shop of developers maintaining backups, creating build systems/bug tracking, upgrading servers and version control systems, etc... is simply taking away from the process of creating software."
Not having them (==outsourcing the service) makes developers think that servers maintain and scalate themselves by means of magic and they tend to project such vision on their own software for "funny" results: been there, seen that. I wouldn't say going as far as *creating* build systems/bug trackers, etc. but having a hand on their deployment and maintenance it's surely the cheapest way to maintain them afoot on earth. Surely it is not the same a short software mill (on the dozens) that a big multinational software factory nor should it be organized the same but, always to a rationale extent making developers "eat their own dog food" and learn from the mistakes of others makes a wonderful effect. Sure, you won't be able to show the benefits on a spreadsheet as you can show the short-time gained productivity if you outsource but experience shows (it show me, at least) it worths it.
"I wouldn't worry about it. Those who know enough to use ssh to start a remote X session will establish the connection via PKI, not xhost."
Bullshit. Launching a graphic app through ssh is just one "ssh -X" away while PKI... well I can't even start thinking how a public key infrastructure launches remote connections at all.
" Focus on the business at hand (e.g. coding) and quit wasting time on infrastructure (version control, defect tracking, build systems, backup & recovery, server sizing, etc...)."
I know the trend. Then you end up with programmers with the slightest idea about code managing and promotion, which deals to proper sustainable design; proper defect tracking policies, why they work and how can be applied for better code; what will need the sysadmin for the app and/or what will be the foreseable scale problems...
You start this kind of externalization so your operations can devote more time, money and effort to your "core", that is, programing, and you end up with programers that cannot program a "hello world" copying it from a book.
"The first one seems to be something that's more of a carrier thing, though."
Why do you think so? I'd say he in fact had a great idea carriers would be delighted to offer on their phones.
These are not the days of analog telephones. A telephone doesn't ring because there's voltage on the bell wires. It's all software. An smartphone could answer the line without tone and save the voice message as much as it could ring. And carrier would bill it as an aswered call!
"The question is, realistically what would happen if casinos actually allowed the odds of any game to be tilted in the players' favor? Answer: People would flock to that game, the casinos would lose money, and there would be no more casinos. Some people think that would be a good thing; are you surprised that the casino operators are not among them?"
Stupid answer. Right answer: casinos just wouldn't offer that game but only those that get the casino an edge no matter with, roulette, or coin machines for example.
"In my opinion, a security hole certainly is an example of breakage."
Truly it is.
"The parent of my post didn't say anything about stopping the system dead in its tracks, just about breaking something, and the Debian OpenSSL issue surely broke something."
*I* am the parent poster, so I know something about what did I say. And I'll repeat myself: which security update did break anything on the openssl case?
"But yes, breakage due to security updates in Debian DO happen [...] I can remember offhand only about five such breakages in 10 years of being a Debian user and developer."
I'll take your word for it but, please, can you offer any example? I only used Debian for eigth years but I never found one of those.
"Ehh... it was not the security update that broke openssl."
Indeed, this is nearest thing to a security update breaking things I found on all my years using Debian. It's only that it was not a security update but a security upgrade that broke things (on purpose and clearly advertised): openssh-blacklist indeed breaks things but it won't install unless you upgrade instead of update.
"They claim it's a feature, because it's a feature their large corporate customers asked for. You aren't likely to get bonus points for going against that one."
But the question is *why* they asked for it.
"Microsoft used to release patches as soon as they were discovered. They worked that way for decades. A hole was found, a fix was built, tested, and released. Patches would come out almost daily sometimes. The big companies didn't like that because besides the plethora of standard 3rd party apps that MS and others tested the patch against, they also all had tons of custom in-house software that each patch had to be tested against."
That's the symptom, not the deep reason. The reason they didn't wanted ASAP patches is simply because *they broke things*.
I'm still waiting for a Debian security update to break anything.
"Don't discuss the attack, that's just playing into the hand they gave you. What I would point out is the monthly patch cycle you buy into with MS. "
I think you are right, but I'd go even a step further. Just as it is read: "I have several customers who now want more than my word about the security of systems that have worked for them flawlessly for 5-6 years"
Then I'd say: "Have your facts: all I can offer is my word and my 5-6 years track record, true. But once the Microsoft minion's word dust has settle what is it in reality *their* track record? Something like millions of malware-bloated systems? You are not buying words; you are buying facts."
"WfW didn't come with a TCP/IP stack though it was all Netbeui... workgroup = local LAN, bascially You downloaded the TCP/IP addon from microsoft research (it never left beta, but was pretty stable)."
This doesn't earned "+5 informative" since it is not. While NetBEUI was the default protocol, Microsoft added quite strong and supported TCP/IP and IPX/SPX stacks (it was starting its fight against Novell those days). In fact, since I managed a "mixed" and routed network with Microsoft, Apple and Unix systems (NetBEUI was not only non-standard but it was non-routable too), we always installed TCP/IP as the default and only protocol, directly from the official Microsoft disks and without a glitch.
"Windows 3.11 and Windows for Workgroups 3.11 were two different products."
AFAIK there weren't Windows 3.11 but "Windows 3.1" and "Windows 3.11 for Workgroups". Main differences where, well, the "for Workgroups" part. It supported NetBIOS and added network support by default by means of NetBEUI protocol while the TCP/IP stack was an optional (free of cost) package too, probably aimed against Trumpet Winsocket and the likes.
It offered password protected shares and was (somehow) able to be connected to a NT-style domain (once 3.5 and 3.51 server apeared)through some win.ini hacks and NT-provided DLLs (plain passwords notwithstanding).
While it was some fun, it was no contender agains UNIX's NFS and NIS/NIS+... except, of course, it was awfully cheaper and it supported rising office packages.
"That's a horrible analogy. Henry Ford put them out of business by creating something better."
Don't you think it's better to have sausages for free at leisure than having to buy them on the terms and conditions of the seller?
"Pirates are doing the equivalent of putting Henry Ford out of business when there is no superior technology replacing it."
They offer the same good at a cheaper price tag. That's objectively superior.
"You go back to horse and buggy because you destroyed the car market."
You don't understand the market forces. It's either an apreciated good or service, in which case consumers and providers will find a way to mutually satisfy or it was not so apreciated in which case we are better without it.
"It's unbelievable to me that you could possibly think that piracy destroying the software market is somehow equivalent to cars destroying the horse and buggy market."
It is. In both cases alternatives better considered by the consumer end arose.
"Your analogy only shows everyone that pirates are *woefully* out of touch with reality. "
Yes. I bet most pirates are in the bussiness to lose money.
"So what? What that means is no software and no sausages."
Sorry but not. What that means is no more stablished software or sausages market as you currently know it.
"You won't have new software."
That's your bet. Being the case I've using no closed source software for ages and that my wages are payed by a company developing nothing but open source software I won't put a dime on your bet.
"Congrats on keeping society and technology stifled and living off the past."
The fact of you lacking imagination to see market evolution past current methods and practices doesn't make you right. Just shows your unability for it. Luckily not everybody is like you as it demonstrates the existance of growing markets like SaaS or development on-demand which are not affected by "piracy" (not that I remember when was the last time a software developer was assaulted on high seas by people with a wood leg saying "Arrrrh!"... but that's a different story).
"This prompted us to move towards a pay setup where we have someone who we can call up and yell at and also make feature requests that, if reasonable, get put in within a year time frame. I wouldn't expect that from FOSS unless I had my own developers actively writing and contributing to the project."
You know you can get on someone to yell at or ask reasonable feature requests to with OTRS, don't you? (http://www.otrs.com/en/support/).
"Well, the trademark lawsuit wasn't actually a nice thing."
No, it wasn't, but looking at the whole context I'll ballance on the side of Red Hat: that they did it in order to protect their trade mark against other, more aggressive, possible attacks (they -said, didn't want for "red hat" to seem some kind of "generic term" others could abuse). In the other hand AFAIK it wasn't a lawsuit but a direct agreement between Red Hat and (CentOS/White Tiger). Thinking about it, probably they may KO Centos if they indeed would go for a lawsuit instead of first trying to find an agreement.
"They don't mind it because the license says they can't help it."
But they could do it hell more difficult and still well within GPL's "spirit".
For instance, they could allow access to sources only to their paying customers just like they do for binary updates.
And/or they could allow access to the unpackaged sources instead of those nifty srpm packages.
"Not complying is not an option."
Microsoft has already demonstrated beyond doubts not complying indeed is an option.
Do you remember Microsoft already was trialed on charges of abusing monopolistic position and even found guilty?
"I doubt that MS would change anything. They'd probably rather keep paying fines while ignoring the EU ruling."
What for? If it makes more economical sense to pay the fines than comply, then they probably will do so. If it's better to comply than to pay, then they will comply.
And probably Microsft, sooner or later, will find it makes a better bet to comply than not.
What they probably won't do if they comply is offer Firefox alongside Internet Explorer. What for? Microsoft hardly have weapons to fight against copyleft opensource. Why they would allow "the enemy on their home", so to say, when they can comply on a cheap and controllable way offering Opera, for instance? They already know how to deal with other closed source companies to their advantage, don't they?
"... Err, what? Shell scripts are used all the time. Even upstart services are still often written as shell scripts. Really, why all the anti-shell hostility around here?"
Err... did I say nothing against shell scripts, uh?
I talked about *Bash* scripts. Init scripts should be standard shell, not Bash, as per the single unix specification. Any init script using Bash should be considered a bug but for very few exceptions.
Oh! and by the way... *All* "upstart services" must be written as shell scripts, not just "oftenly".
"I think OS start up is a serious script."
Surely it is.
You must think it's such a big pity Bash is not used on OS start up...
"But this should not be about escaping blame, it should be about minimizing risk."
Sadly enough, in too many places not upgrading till obviusly broken *is* a minimizing risk strategy... Minimizing employ risk, I mean.
"Hell, all five wizards are mentioned in Lord of the Rings."
False. It is mentioned that there are five wizards but only three of them are in fact mentioned.
"I'm starting to wonder if swap is just another obsolete solution to a problem that no longer exists for most real-world users."
No, it is not. It's simply that swap was never aimed as a solution for a *desktop* use profile. I manage servers that are happily using twice as much swap as RAM (not that so much swap is configured but that it is in fact used): they are used mostly for processes using lots of (more or less) short pieces of data. Of course I'd could pay for all that much RAM but one of them has already 16GB so another 32GB wouldn't be exactly cheap (now that I think of it, this model won't support but only 32GB grand total anyway).
If you need all that that *now* and all at the same time (more or less typical for a desktop user or a "single app" server) you probably don't want to hit the swap (but you didn't want it fifteen years ago either; it was only that you couldn't afford more RAM). When you only need the data to stay somehow "near" or your system is heavily multitasking but not interactively (batch processing, for instance) then yes, swap is still the answer.
"Sorry, should have been clearer in my examples."
I know what you mean and, for most part, I'll stay on my position.
"Having a shop of developers maintaining backups, creating build systems/bug tracking, upgrading servers and version control systems, etc... is simply taking away from the process of creating software."
Not having them (==outsourcing the service) makes developers think that servers maintain and scalate themselves by means of magic and they tend to project such vision on their own software for "funny" results: been there, seen that. I wouldn't say going as far as *creating* build systems/bug trackers, etc. but having a hand on their deployment and maintenance it's surely the cheapest way to maintain them afoot on earth. Surely it is not the same a short software mill (on the dozens) that a big multinational software factory nor should it be organized the same but, always to a rationale extent making developers "eat their own dog food" and learn from the mistakes of others makes a wonderful effect. Sure, you won't be able to show the benefits on a spreadsheet as you can show the short-time gained productivity if you outsource but experience shows (it show me, at least) it worths it.
"I wouldn't worry about it. Those who know enough to use ssh to start a remote X session will establish the connection via PKI, not xhost."
Bullshit. Launching a graphic app through ssh is just one "ssh -X" away while PKI... well I can't even start thinking how a public key infrastructure launches remote connections at all.
" Focus on the business at hand (e.g. coding) and quit wasting time on infrastructure (version control, defect tracking, build systems, backup & recovery, server sizing, etc...)."
I know the trend. Then you end up with programmers with the slightest idea about code managing and promotion, which deals to proper sustainable design; proper defect tracking policies, why they work and how can be applied for better code; what will need the sysadmin for the app and/or what will be the foreseable scale problems...
You start this kind of externalization so your operations can devote more time, money and effort to your "core", that is, programing, and you end up with programers that cannot program a "hello world" copying it from a book.
"The first one seems to be something that's more of a carrier thing, though."
Why do you think so? I'd say he in fact had a great idea carriers would be delighted to offer on their phones.
These are not the days of analog telephones. A telephone doesn't ring because there's voltage on the bell wires. It's all software. An smartphone could answer the line without tone and save the voice message as much as it could ring. And carrier would bill it as an aswered call!
"The question is, realistically what would happen if casinos actually allowed the odds of any game to be tilted in the players' favor?
Answer: People would flock to that game, the casinos would lose money, and there would be no more casinos. Some people think that would be a good thing; are you surprised that the casino operators are not among them?"
Stupid answer.
Right answer: casinos just wouldn't offer that game but only those that get the casino an edge no matter with, roulette, or coin machines for example.
"Many forget that's what gambling is, entertainment."
Maybe it is because there's no fun on gambling. There's fun on wining.
"In my opinion, a security hole certainly is an example of breakage."
Truly it is.
"The parent of my post didn't say anything about stopping the system dead in its tracks, just about breaking something, and the Debian OpenSSL issue surely broke something."
*I* am the parent poster, so I know something about what did I say. And I'll repeat myself: which security update did break anything on the openssl case?
Hint: Noone.
"But yes, breakage due to security updates in Debian DO happen [...] I can remember offhand only about five such breakages in 10 years of being a Debian user and developer."
I'll take your word for it but, please, can you offer any example? I only used Debian for eigth years but I never found one of those.
"Ehh... it was not the security update that broke openssl."
Indeed, this is nearest thing to a security update breaking things I found on all my years using Debian. It's only that it was not a security update but a security upgrade that broke things (on purpose and clearly advertised): openssh-blacklist indeed breaks things but it won't install unless you upgrade instead of update.
"They claim it's a feature, because it's a feature their large corporate customers asked for. You aren't likely to get bonus points for going against that one."
But the question is *why* they asked for it.
"Microsoft used to release patches as soon as they were discovered. They worked that way for decades. A hole was found, a fix was built, tested, and released. Patches would come out almost daily sometimes. The big companies didn't like that because besides the plethora of standard 3rd party apps that MS and others tested the patch against, they also all had tons of custom in-house software that each patch had to be tested against."
That's the symptom, not the deep reason. The reason they didn't wanted ASAP patches is simply because *they broke things*.
I'm still waiting for a Debian security update to break anything.
"Don't discuss the attack, that's just playing into the hand they gave you.
What I would point out is the monthly patch cycle you buy into with MS. "
I think you are right, but I'd go even a step further. Just as it is read:
"I have several customers who now want more than my word about the security of systems that have worked for them flawlessly for 5-6 years"
Then I'd say: "Have your facts: all I can offer is my word and my 5-6 years track record, true. But once the Microsoft minion's word dust has settle what is it in reality *their* track record? Something like millions of malware-bloated systems? You are not buying words; you are buying facts."
I must admit I didn't know about "Windows 3.1 for Workgroups" or Windows 3.11 "plain" but these both KB articles are quite enlightning:
http://support.microsoft.com/kb/126746
http://support.microsoft.com/kb/32905
"WfW didn't come with a TCP/IP stack though it was all Netbeui... workgroup = local LAN, bascially You downloaded the TCP/IP addon from microsoft research (it never left beta, but was pretty stable)."
This doesn't earned "+5 informative" since it is not. While NetBEUI was the default protocol, Microsoft added quite strong and supported TCP/IP and IPX/SPX stacks (it was starting its fight against Novell those days). In fact, since I managed a "mixed" and routed network with Microsoft, Apple and Unix systems (NetBEUI was not only non-standard but it was non-routable too), we always installed TCP/IP as the default and only protocol, directly from the official Microsoft disks and without a glitch.
"Windows 3.11 and Windows for Workgroups 3.11 were two different products."
AFAIK there weren't Windows 3.11 but "Windows 3.1" and "Windows 3.11 for Workgroups". Main differences where, well, the "for Workgroups" part. It supported NetBIOS and added network support by default by means of NetBEUI protocol while the TCP/IP stack was an optional (free of cost) package too, probably aimed against Trumpet Winsocket and the likes.
It offered password protected shares and was (somehow) able to be connected to a NT-style domain (once 3.5 and 3.51 server apeared)through some win.ini hacks and NT-provided DLLs (plain passwords notwithstanding).
While it was some fun, it was no contender agains UNIX's NFS and NIS/NIS+... except, of course, it was awfully cheaper and it supported rising office packages.
"Sorry when were the days when eyeballs and fingers _were_ hard to remove?"
It is not the fingers that are hard to remove... it is the gun on those died cold fingers... ahem...
"That's a horrible analogy. Henry Ford put them out of business by creating something better."
Don't you think it's better to have sausages for free at leisure than having to buy them on the terms and conditions of the seller?
"Pirates are doing the equivalent of putting Henry Ford out of business when there is no superior technology replacing it."
They offer the same good at a cheaper price tag. That's objectively superior.
"You go back to horse and buggy because you destroyed the car market."
You don't understand the market forces. It's either an apreciated good or service, in which case consumers and providers will find a way to mutually satisfy or it was not so apreciated in which case we are better without it.
"It's unbelievable to me that you could possibly think that piracy destroying the software market is somehow equivalent to cars destroying the horse and buggy market."
It is. In both cases alternatives better considered by the consumer end arose.
"Your analogy only shows everyone that pirates are *woefully* out of touch with reality. "
Yes. I bet most pirates are in the bussiness to lose money.
"So what? What that means is no software and no sausages."
Sorry but not. What that means is no more stablished software or sausages market as you currently know it.
"You won't have new software."
That's your bet. Being the case I've using no closed source software for ages and that my wages are payed by a company developing nothing but open source software I won't put a dime on your bet.
"Congrats on keeping society and technology stifled and living off the past."
The fact of you lacking imagination to see market evolution past current methods and practices doesn't make you right. Just shows your unability for it. Luckily not everybody is like you as it demonstrates the existance of growing markets like SaaS or development on-demand which are not affected by "piracy" (not that I remember when was the last time a software developer was assaulted on high seas by people with a wood leg saying "Arrrrh!"... but that's a different story).